Providing online access to patient records

Practices are contractually required to provide patients with access to their coded information in their patient record online. Fionnuala O'Donnell explains how practices can do this and provides links to useful resources.

There are many benefits to providing online access to patient records (Picture: iStock)

From April 2015 practices have been contractually required to offer online appointment booking, ordering repeat prescriptions and access to coded information held in patient records.

How much of the record should a patient see?

Guidance for the GMS contract 2015/16 states that practices are contractually required to offer online access to all detailed information. This means information that is held in a coded form within the patient's electronic medical record. There is no contractual requirement to provide online access to any free text that may be included in the record.

Test results

Real benefits to patients and practices can only be achieved when the practice provides full online access to patient records (including test results, hospital letters etc). The recommendation is therefore that practices should consider providing patients with access to letters and test results once they have been seen by a professional and marked suitable for viewing.

The 2016/17 GMS contract guidance sets out a series of 'non-contractual' arrangements related to Patient Online. One of these says that practices should provide patients who request it with online access to clinical correspondence unles it may cause harm to the patient or contains references to third parties. Practices are able to make available only those letters from a chosen date, which should be no later than 31 March 2017.

When do you start providing patient access?

The default date from which access to information is enabled should be the date of the application or 1 April 2015, whichever is earlier.

It is possible to give access to information in the records from before this date where there may be benefits to the patients and the practice. This is the practice’s decision, but bear in mind the following:

You will need to check for, and remove, any third party and sensitive information which you consider could cause the patient considerable physical or mental harm.

You may not have been the author of all the information in the record.

It may not be possible to be sure there is nothing in the record to cause harm without checking it thoroughly.

It is easier to give more access later than to take it away.

There will be a corresponding impact on workload.

Practical steps

RCGP toolkitThe RCGP has produced an extensive toolkit to help practices implement online access to records. You can access this here. The toolkit provides downloadable resources and information to help address the following points.

Set up a policy for confirming a patient’s identityThe practice needs to ensure it has taken reasonable steps to assure the identity of the person requesting access and to record this in the record.

The simplest way to do this is as part of the registration process. Add in a question to ask patients if they would like online access and then check their proof of identity at registration (one should be photo ID and the other proof of address).

For existing patients you can either check proof of identity in the same way, or for patients that are well know to a GP you can have the GP vouch for their identity

The RCGP toolkit includes advice on identity verification, a downloadable patient information leaflet and registration form, which you can access here.

Documenting patient’s record accessAt the end of the registration process the complete application form should be scanned and attached to the patient’s record, whatever the outcome of the application. This applies to applications for proxy access as well.

Check the patient recordPatients may be upset by data that they see in their record or it may have third party references that need to be removed. Sensitive data of either type should be hidden by redacting it. The data is not deleted from the record but redaction prevents it being displayed through Patient Online. All clinical systems should allow this.

Proxy access/access to a record by someone other than the patientAccess to a record by someone other than the patient is called proxy access. The rules for access to online records are in practice the same as for access to paper-based and non-digital services.

If someone requests proxy access for one of your patients, you should consider the following:

Is the subject of the record capable of delegating access and without coercion, i.e are they Gillick or Fraser competent?

Is the subject of the record a child or young person and, if so, do you have existing policies or protocols relating to a child’s paper-based records that could be extended to include online records?

It is recommended that the default position should be that access by a patient should be available from the age of 18. Practices can of course choose to make access available earlier and access by parents and guardians to a child’s record is a practice level decision, the RCGP will issue additional guidance when this becomes available.

Patients have the right to share their login in details and their record information but must be advised of the risks associated with doing this.

Training for staffPractices need to ensure that all staff understand the benefits of online access to patient records, along with your practice’s process for providing access. The RCGP's toolkit can be used to train staff.

Challenges for practices

The biggest issue with regard to online access to records is the time it takes for a GP to agree to (or otherwise) a request for access because it will often require the record to be reviewed.

However, where a patient is well known to the practice and where there is little or no risk of physical or mental harm or coercion review of the record may be deemed unnecessary by the GP.

Fionnuala O'Donnell is a practice manager in Ealing, West London, and a CCG board member.